<html>
  <head>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/axios/0.15.3/axios.min.js"></script>
  </head>
  <body>
    <script>
      // Create the XHR object.
      function createCORSRequest(method, url) {
        var xhr = new XMLHttpRequest();
        if ("withCredentials" in xhr) {
          // XHR for Chrome/Firefox/Opera/Safari.
          xhr.open(method, url, true);
          xhr.setRequestHeader("Apitoken", '{"name": "root", "sig": "#sigkey"}');
        } else if (typeof XDomainRequest != "undefined") {
          // XDomainRequest for IE.
          xhr = new XDomainRequest();
          xhr.open(method, url);
        } else {
          // CORS not supported.
          xhr = null;
        }
        return xhr;
      }

      // Helper method to parse the title tag from the response.
      function getTitle(text) {
        return text.match('<title>(.*)?</title>')[1];
      }

      // Make the actual CORS request.
      function makeCorsRequest() {
        // This is a sample server that supports CORS.
        var url = 'http://localhost:8080/api/v1/user/auth_session';

        var xhr = createCORSRequest('GET', url);
        if (!xhr) {
          alert('CORS not supported');
          return;
        }

        // Response handlers.
        xhr.onload = function() {
          var text = xhr.responseText;
          var title = getTitle(text);
          alert('Response from CORS request to ' + url + ': ' + title);
        };

        xhr.onerror = function() {
          alert('Woops, there was an error making the request.');
        };

        xhr.send();
      }
      makeCorsRequest()
    </script>
    <h1>Test</h1>
    <div class="row"></div>
  </body>
</html>
